xref: /openbmc/linux/tools/testing/selftests/media_tests/regression_test.txt (revision f26e8817b235d8764363bffcc9cbfc61867371f2)

Testing for regressions in Media Controller API register, ioctl, syscall,
and unregister paths. There have a few problems that result in user-after
free on media_device, media_devnode, and cdev pointers when the driver is
unbound while ioctl is in progress.

Test Procedure:

Run bin/unbind loop while ioctls are in progress.
Run rmmod and modprobe.
Disconnect the device.

Setup:

Build media_device_test
cd tools/testing/selftests/media_tests
make

Regressions test for cdev user-after free error on /dev/mediaX when driver
is unbound:

Start media_device_test to regression test media devnode dynamic alloc
and cdev user-after-free fixes. This opens media dev files and sits in
a loop running media ioctl MEDIA_IOC_DEVICE_INFO command once every 10
seconds. The idea is when device file goes away, media devnode and cdev
should stick around until this test exits.

The test for a random number of iterations or until user kills it with a
sleep 10 in between the ioctl calls.

sudo ./media_device_test -d /dev/mediaX

Regression test for media_devnode unregister race with ioctl_syscall:

Start 6 open_loop_test.sh tests with different /dev/mediaX files. When
device file goes away after unbind, device file name changes. Start the
test with possible device names. If we start with /dev/media0 for example,
after unbind, /dev/media1 or /dev/media2 could get created. The idea is
keep ioctls going while bind/unbind runs.

Copy bind_unbind_sample.txt and make changes to specify the driver name
and number to run bind and unbind. Start the bind_unbind.sh

Run dmesg looking for any user-after free errors or mutex lock errors.